Cyber Safety Information - Hijacking of WhatsApp Accounts.

Threat - Attackers obtain WhatsApp verification PIN from target using a fake account with official WhatsApp logo as display picture to trick users into believing that it is the official account of WhatsApp tech. team

Modus Operandi

The attacker creates a fake account with the official WhatsApp logo as display picture posing to be WhatsApp technical team's account.

The attacker then sends a message to the target asking him/her to share the six-digit verification PIN to verify their identity.

The target is easily tricked when they see the message coming from an account appearing to be the official team account and share the PIN. In reality, the attacker is trying to login from his/her device into target's WhatsApp user account to hijack the account.

If the target divulges the PIN to the attacker, the account gets hijacked. The attackers can then leverage their access to the hijacked account to further send fraudulent messages to friends and family of the target, asking for money, PIN, OTP, etc.

Suggestions

Immediately re-verify WhatsApp account if PIN has been shared with anyone.

Never share verification code sent by Social Media platforms with anyone, whatever be the pretext given by the caller.

@LtGovDelhi @CPDelhi
@CyberDost

It is advisable to activate 'two-step verification' for social media accounts. This will enhance the security of your account and even if the attacker gets access to verification code, a password will still be needed to successfully log into the account.

Never respond to personal messages asking for PIN or any other sensitive personal information. Social media or messaging Apps do not send such messages